This report consists of two parts. The first part develops physical-layer security theory and proposes its
realization in WLAN. The second part addresses cooperative communications in sensor networks. To save
space, some details have been skipped, but can be found in [31]-[34].


Part  1 

Randomized  Array  Transmissions  for  Physical-layer  Secured  Wireless  Communications 


1.1.  Introduction 

For  the  rapidly  growing  wireless  communications,  security  has  become  one  of  the  major  concerns 
[1].  Compared  with  wireline  networks,  wireless  networks  lack  a  physical  boundary  due  to  the  broadcasting 
nature  of  wireless  transmissions.  This  unique  physical-layer  weakness  calls  for  innovative  physical-layer 
security  designs  in  addition  to,  and  integrated  with,  the  traditional  data  encryption  approaches. 

Existing  physical-layer  security  techniques  may  be  classified  into  three  categories:  i)  power 
approach  like  beamforming  and  directional  transmissions,  ii)  code  approach  like  spread-spectrum  [2],  and 
iii)  channel  approach  like  [3,4,5].  They  usually  depend  on  some  strong  assumptions  for  secrecy,  e.g.,  the 
unauthorized  user  has  null-receiving  energy,  or  has  no  information  about  the  spreading  codes  or  the 
propagation  channel.  If  these  assumptions  hold,  then  secrecy  is  trivially  achieved,  otherwise  secrecy  is  lost. 
As  a  result,  it  is  difficult  to  conduct  a  meaningful  secrecy  analysis  that  measures  the  performance  of  a 
technique  under  varying  conditions  and  assumptions. 

Unfortunately,  such  strong  assumptions  can  be  easily  violated.  Beamforming  techniques  can  only 
reduce,  not  completely  nullify,  the  signal  energy  toward  the  unauthorized  users,  especially  for  those  inside 
the  transmission  beam.  Spreading  codes  may  be  easily  estimated  by  the  unauthorized  user  from  the 
received  signals  [6].  The  unauthorized  user  may  use  blind  equalization  algorithms  [7,  8]  to  estimate 
channels, which causes many channel-based approaches such as [3] to lose secrecy. Even for the timing-based
approach [4] which exploits the channel reciprocity, certain brute-force methods may efficiently
break  the  secrecy  by  examining  all  possible  timing. 

It  is  well  known  that  data  encryption  techniques  realize  computational  secrecy  instead  of  perfect 
secrecy  [9]  because  perfect  secrecy  requires  transmitting  a  key  as  long  as  the  data.  The  key  distribution 
usually  remains  as  a  weakness  for  encryption  techniques.  Interestingly,  perfect  secrecy  is  suggested  in  [5,3] 
as  achievable  with  physical-layer  techniques,  although  some  unrealistic  assumptions  have  to  be  made,  such 
as  channels  are  unknown  to  the  unauthorized  user  or  the  channel  of  the  unauthorized  user  is  noisier  than 
that  of  the  authorized  user. 

We  propose  new  physical-layer  transmission  techniques  to  realize  secrecy  under  more  reasonable 
assumptions.  We  assume  that  the  unauthorized  user  may  have  better  received  signal  quality  and  knows  all 
the  transmission  protocols.  There  are  no  secret  keys  shared  by  the  transmitters  and  the  authorized  user 
before  transmission,  and  both  of  them  have  no  knowledge  of  the  unauthorized  user. 

We  depend  on  two  special  properties  of  wireless  transmissions  for  secure  designs.  First,  signals 
received  by  the  authorized  user  and  the  unauthorized  user  are  different  because  their  channels  are  different. 
Second,  channels  between  the  transmitters  and  the  authorized  user  can  be  reciprocal  [10]  and  can  be 
adjusted  intentionally  [11].  The  first  property  is  due  to  multipath  propagation  and  independent  fading  [12], 
whereas  the  other  one  has  been  widely  accepted  in  literature  [12]  with  some  supportive  demonstration  from 
time-reversal  mirror  experiments  [13].  These  properties  make  physical-layer  security  techniques  quite 
different  from  data  encryption  approaches. 

Our  primary  objective  is  to  develop  randomized  array  transmission  schemes  for  computational 
secrecy,  though  perfect  secrecy  is  shown  to  be  realizable  under  some  circumstances.  The  transmission 
schemes  are  presented  within  the  framework  of  a  cooperative  array  formed  by  a  group  of  cooperating 
transmitters,  each  of  which  may  have  only  a  single  transmitting  antenna.  Physical  antenna  array  is  included 
in  this  framework  as  a  special  case.  Cooperative  transmitters  are  not  only  more  cost-effective  for 
implementing  large  arrays,  but  also  more  flexible  for  creating  desirable  channel  conditions.  On  the  other 
hand,  cooperative  array  is  more  challenging  in  terms  of  synchronization  among  the  transmitters. 

This  part  is  organized  as  follows.  In  Section  1.2,  a  framework  of  cooperative  array  transmission  is
formulated  with  synchronous  flat-fading  channels.  In  Section  1.3,  a  transmission  scheme  is  developed  for 
security  based  on  the  inherent  ambiguity  of  blind  equalization.  Then,  assuming  the  unauthorized  user 
knows  its  own  channels,  a  random-matrix  scheme  is  developed  in  Section  1.4.  In  Section  1.5  these  schemes 
are  extended  to  dispersive  channels  with  imperfect  synchronization.  Simulations  are  given  in  Section  1.6.  In 
Section  1.7,  we  describe  their  realizations  in  802.11  WLAN. 


1.2.  System  description 

We  consider  a  wireless  network  where  mobile  users  communicate  with  a  base-station  which  has 
J  transmitting  antennas.  The  base-station  has  either  one  transmitter  with  a  physical  antenna  array,  or  J 
cooperative  transmitters.  We  consider  the  latter  since  it  includes  the  former  as  a  special  case.  The  J 
transmitters  communicate  with  each  other  using  a  secure  link,  such  as  the  wireline  Ethernet  or  some  cables 
that  directly  connect  them  together.  Packets  are  transmitted  by  the  J  transmitters  cooperatively,  during 
which  any  unauthorized  user  should  be  deprived  of  signal  interception  capability,  as  illustrated  in  Fig.  1. 


Fig. 1. System model for secured array transmission with either $J$ cooperative
transmitters or one transmitter with a physical antenna array.

A beamforming-like array transmission procedure shown in Fig. 2 is used by the $J$ transmitters.
A symbol sequence $\{b(n)\}$, obtained via any traditional modulation scheme, is fed to all $J$ transmitters.
Before transmission, the sequence is processed by the transmitters. Though more complex filters can be
used, we consider single-tap weights $w_i(n)$ for simplicity. In addition, each of the transmitters may
appropriately delay (or advance) the signal by $\delta_i$. The transmitted signal from the transmitter $i$ is thus
$s_i(n)$, whereas the authorized user receives signal $x(n)$.


Fig.  2.  The  block  diagram  of  array  transmission. 


If a physical antenna array is used and the propagation channel is Rayleigh flat fading, the
received signal at the authorized user is

$$x(n) = \sum_{i=1}^{J} h_i^* s_i(n) + v(n) \triangleq \mathbf{h}^H \mathbf{s}(n) + v(n), \qquad (1)$$

where $v(n)$ denotes AWGN with zero-mean and variance $\sigma^2$, channel coefficients $h_i$ are independent
complex circular symmetric Gaussian distributed with zero-mean and unit variance, and

$$\mathbf{h} \triangleq \begin{bmatrix} h_1 \\ \vdots \\ h_J \end{bmatrix}, \quad \mathbf{s}(n) \triangleq \begin{bmatrix} s_1(n) \\ \vdots \\ s_J(n) \end{bmatrix} = \begin{bmatrix} w_1(n) \\ \vdots \\ w_J(n) \end{bmatrix} b(n) \triangleq \mathbf{w}(n)\, b(n). \qquad (2)$$

In this part, $(\cdot)^*$, $(\cdot)^T$, and $(\cdot)^H$ denote conjugation, transposition and Hermitian, respectively. Since
channel estimation is required, we assume that $\mathbf{h}$ is block fading [3], i.e., it is constant or slowly time-varying
when transmitting a block of symbols but may change randomly between blocks. The symbols
$b(n)$ are independent uniformly distributed with zero-mean and unit variance.

The  unauthorized  user  may  use  multiple  receiving  antennas  for  better  interception,  and  the 
interception  becomes  much  easier  with  a  flat-fading  channel  model.  Therefore,  we  consider  the  worst  case 
(to  the  transmitters  and  the  authorized  user)  where  the  unauthorized  user  receives  signals  from  M 
receiving  antennas 


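$$\begin{bmatrix} x_{u,1}(n) \\ \vdots \\ x_{u,M}(n) \end{bmatrix} = \begin{bmatrix} h_{u,1,1} & \cdots & h_{u,1,J} \\ \vdots & & \vdots \\ h_{u,M,1} & \cdots & h_{u,M,J} \end{bmatrix} \begin{bmatrix} w_1(n-d_{u,1})\, b(n-d_{u,1}) \\ \vdots \\ w_J(n-d_{u,J})\, b(n-d_{u,J}) \end{bmatrix} + \begin{bmatrix} v_{u,1}(n) \\ \vdots \\ v_{u,M}(n) \end{bmatrix}. \qquad (3)$$

The notations are similar to (1) except that $(\cdot)_u$ is used to denote the unauthorized user. The delays $d_{u,i}$
may not be zero because the transmitters adjust $\delta_i$ in favor of the authorized user. While introducing such
delays is an important way for enhancing security, we assume zero delays for simplicity, i.e., $d_{u,i} = 0$ for
all $i$. The equation (3) can then be written as

$$\mathbf{x}_u(n) = \mathbf{H}_u \mathbf{w}(n) b(n) + \mathbf{v}_u(n). \qquad (4)$$

Each element of the channel matrix $\mathbf{H}_u$ has the same distribution as $h_i$, but is independent from $h_i$.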

We  focus  only  on  the  security  of  the  downlink  transmission  (from  the  base-station  to  the 
authorized  user).  Once  the  downlink  is  secured,  the  uplink  can  be  easily  secured  by  using  similar 
techniques  and/or  by  exchanging  encryption  keys  frequently. 


1.3.  A  randomized  transmission  scheme  and  computational  secrecy 

In this subsection, we assume that the unauthorized user does not know the channels $\mathbf{h}$ and $\mathbf{H}_u$.
But it may try to estimate them by training/blind methods, or by a brute-force search of all possible
channels. The transmitters and the authorized user do not know all channels either, and have no ways to
estimate $\mathbf{H}_u$. Ways have to be designed for them to estimate $\mathbf{h}$ and symbols, during which no information
should be obtained by the unauthorized user for successful interception.

1.3.1.  Transmission  and  receiving  procedure 

We first give the downlink transmission and receiving procedure with the consideration of the
signal model (1)-(2). According to the received signal

$$x(n) = \mathbf{h}^H \mathbf{w}(n) b(n) + v(n), \qquad (5)$$

the transmitters need to use special transmitting weights $\mathbf{w}(n)$ to fulfill the security objective. Our basic
idea is to make $\mathbf{h}^H \mathbf{w}(n)$ deterministic but $\mathbf{H}_u \mathbf{w}(n)$ changing randomly in each symbol interval. For this
purpose, $\mathbf{w}(n)$ should be random since the transmitters do not know $\mathbf{H}_u$.

We design the transmitting weights vector $\mathbf{w}(n)$ such that

$$\mathbf{h}^H \mathbf{w}(n) = \|\mathbf{h}\|, \qquad (6)$$

where $\|\mathbf{h}\| = \sqrt{\mathbf{h}^H \mathbf{h}}$. Although (6) looks similar to transmission beamforming [10], the major
difference is that $\mathbf{w}(n)$ changes randomly after each symbol $b(n)$ is transmitted. This can be realized by
selecting randomly the elements of $\mathbf{w}(n)$ while satisfying the constraint (6). Obviously, if the channel $\mathbf{h}$ is
constant or slowly time-varying, we need $J \ge 2$ transmitters. This explains why array transmission is
required.

The authorized user can detect symbols after estimating the received signal power $\|\mathbf{h}\|^2$,

$$b(n) = \|\mathbf{h}\|^{-1} x(n), \qquad (7)$$

where $\|\mathbf{h}\|^2$ can be estimated as $\frac{1}{N}\sum_{n=1}^{N} |x(n)|^2$. If $b(n)$ is designed with constant magnitude $|b(n)|$, e.g.,
using PSK modulation, then we can simply use $|x(n)|$ in place of $\|\mathbf{h}\|$, i.e., use the phase of $x(n)$ for
symbol detection.

To  implement  this  transmission  scheme,  the  channel  h  has  to  be  known  to  the  transmitters  instead 
of  the  receiver.  There  are  at  least  two  ways  for  the  transmitters  to  estimate  the  channel  h .  First,  if  the 
downlink  and  uplink  channels  are  reciprocal,  the  transmitters  can  estimate  h  directly  from  the  uplink 
received  signals.  This  is  the  case  in  fast  time-division-duplexing  (TDD)  transmissions  [10],  [12]. 

The second way is to ask the authorized user to feed back some received signal information to the
transmitters. Since explicit training should be avoided, the transmitters can send a training sequence
randomized by $\mathbf{w}(n)$, which is known to themselves only. The authorized user only estimates and
feeds back $y(n) = \mathbf{h}^H \mathbf{w}(n)$, with which the transmitters can estimate channel $\mathbf{h}$ based on their knowledge
of $\mathbf{w}(n)$,

$$\mathbf{h}^H = [\,y(1) \;\cdots\; y(J)\,] \begin{bmatrix} w_1(1) & \cdots & w_1(J) \\ \vdots & & \vdots \\ w_J(1) & \cdots & w_J(J) \end{bmatrix}^{-1}. \qquad (8)$$

Note that only $J$ samples are required for feedback if the weights $w_i(n)$ are chosen properly. An
alternative method is that the authorized user sends some $x(n)$ directly back to the transmitters.


1.3.2.  Transmitting  weights  design 

Before presenting our designs, we first show that traditional transmit beamforming methods do not
guarantee secrecy although they are optimal in terms of performance and power efficiency. A typical
transmit beamforming method uses $\mathbf{w}(n) = \mathbf{h}/\|\mathbf{h}\|$, which has unit total transmission power since
$E[\|\mathbf{s}(n)\|^2] = E[\mathrm{tr}(\mathbf{w}(n) b(n) b^*(n) \mathbf{w}^H(n))] = E[\|\mathbf{w}(n)\|^2] = 1$. Obviously, $\mathbf{w}(n)$ is not random if the channel
$\mathbf{h}$ is constant or slowly time-varying. The received signal of the unauthorized user becomes
$\mathbf{x}_u(n) = (\mathbf{H}_u \mathbf{h}/\|\mathbf{h}\|)\, b(n) + \mathbf{v}_u(n)$, from which many blind equalizers including the constant modulus
algorithm (CMA) [15] can be applied for symbol detection. The same conclusion holds for other designs of
$\mathbf{w}(n)$ that are not random. This explains why we should make $\mathbf{w}(n)$ random for randomized array
transmissions.

More generally, $\mathbf{w}(n)$ can be obtained from the singular value decomposition (SVD) of $\mathbf{h}$, i.e.,
$\mathbf{h}^H = \mathbf{U}\mathbf{D}\mathbf{V}^H$ [16]. In this special case, $\mathbf{U} = 1$, $\mathbf{D} = \mathrm{diag}\{\|\mathbf{h}\|, 0, \cdots, 0\}$, and $\mathbf{V}$ is a $J \times J$ unitary matrix
whose first column equals $\mathbf{h}/\|\mathbf{h}\|$. For transmit beamforming, $\mathbf{w}(n)$ can be calculated as
$\mathbf{w}(n) = \mathbf{V}[1, z_2(n), \cdots, z_J(n)]^T \triangleq \mathbf{V}[1, \mathbf{z}^T(n)]^T$, where $z_j(n)$, $j = 2, \cdots, J$, can be arbitrary. Such a classic
approach does not have any secrecy even if $\mathbf{w}(n)$ is randomized by choosing randomly $z_j(n)$. For
example, CMA may be used to estimate symbols from

$$\mathbf{x}_u(n) = \mathbf{H}_u \mathbf{V} \begin{bmatrix} 1 \\ \mathbf{z}(n) \end{bmatrix} b(n) + \mathbf{v}_u(n). \qquad (9)$$

In summary, in order to guarantee secrecy, we may not achieve the optimal unit transmission
power. This can be further demonstrated by the following observations. For $J = 2$, if we guarantee unit
transmission power, then there is no degree of freedom in $\mathbf{w}(n)$ left for randomization. In addition, if we
solve (6) by first choosing randomly $w_i(n)$, $3 \le i \le J$, and then looking for $w_1(n)$ and $w_2(n)$ for both (6)
and unit power, it turns out that there may be no solution.

Based on such observations, we design transmitting weights which trade transmission power for
secrecy. We first select randomly an $h_i$ from $\mathbf{h}$. We can select a threshold $\alpha$ and choose those $h_i$ that
satisfy $|h_i|^2 > \alpha$. Then we choose randomly $w_j(n)$, where $1 \le j \le J$ and $j \ne i$. Without loss of generality,
we can draw them from an i.i.d. complex Gaussian random process. Denote
$\mathbf{z}_i(n) = [w_1(n), \cdots, w_{i-1}(n), w_{i+1}(n), \cdots, w_J(n)]^T$ and $\mathbf{h}_i = [h_1, \cdots, h_{i-1}, h_{i+1}, \cdots, h_J]^T$. The weights vector
is calculated as

$$\mathbf{w}(n) = \mathbf{P}_i \begin{bmatrix} \dfrac{\|\mathbf{h}\| - \mathbf{h}_i^H \mathbf{z}_i(n)}{h_i^*} \\ \mathbf{z}_i(n) \end{bmatrix}. \qquad (10)$$

The matrix $\mathbf{P}_i$ is a $J \times J$ commutation matrix whose function is to insert the first row of the following
vector into the $i$th row. Since $h_i$ is chosen randomly, $\mathbf{P}_i$ is also random. This approach is listed below as
Algorithm 1.

Algorithm 1. Design weights vector $\mathbf{w}(n)$ for each symbol

1. Select randomly $h_i$, $1 \le i \le J$, such that $|h_i|^2 > \alpha$.

2. Generate i.i.d. random variables $w_j(n)$, $1 \le j \le J$, $j \ne i$.

3. Calculate $\mathbf{w}(n)$ by (10).

One  of  the  major  advantages  of  Algorithm  1  is  its  linear  computational  complexity.  Efficient 
computation  is  important  because  w (n)  are  recalculated  in  each  symbol  interval. 
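
Algorithm 1 can be exercised numerically to see both sides of the design: the authorized user's gain $\mathbf{h}^H\mathbf{w}(n)$ stays pinned at $\|\mathbf{h}\|$ while the gain seen on an eavesdropping antenna changes with every symbol. The Python below is an added example, not code from the report; the channel values, QPSK alphabet, seed, and all function names are assumptions chosen for illustration.

```python
import cmath
import math
import random

# QPSK alphabet with unit magnitude, as assumed for phase-only detection.
QPSK = [cmath.exp(1j * (math.pi / 4 + k * math.pi / 2)) for k in range(4)]


def cgauss(rng, var=1.0):
    """Zero-mean circular complex Gaussian sample with variance var."""
    s = math.sqrt(var / 2.0)
    return complex(rng.gauss(0.0, s), rng.gauss(0.0, s))


def norm(v):
    return math.sqrt(sum(abs(x) ** 2 for x in v))


def algorithm1_weights(h, alpha, sigma2, rng):
    """One draw of w(n) following steps 1-3 of Algorithm 1."""
    J = len(h)
    # Step 1: pick at random one coefficient whose energy exceeds alpha.
    strong = [i for i in range(J) if abs(h[i]) ** 2 > alpha]
    if not strong:
        raise ValueError("no |h_i|^2 exceeds the threshold alpha")
    i = rng.choice(strong)
    # Step 2: i.i.d. Gaussian weights for every j != i.
    w = [cgauss(rng, sigma2) for _ in range(J)]
    # Step 3: solve constraint (6) for w_i, which is equation (10).
    rest = sum(h[j].conjugate() * w[j] for j in range(J) if j != i)
    w[i] = (norm(h) - rest) / h[i].conjugate()
    return w


def detect_phase(x):
    """Index of the QPSK point closest in phase to x."""
    return max(range(4), key=lambda k: (x * QPSK[k].conjugate()).real)


def simulate(n_symbols=200, alpha=0.1, sigma2=1.0, seed=1):
    rng = random.Random(seed)
    # Constructed channel of the authorized user (J = 4); every |h_i|^2 > alpha.
    h = [0.8 + 0.3j, -0.2 + 1.1j, 0.5 - 0.6j, -0.9 - 0.4j]
    # One receive antenna of the unauthorized user, drawn independently of h.
    hu = [cgauss(rng) for _ in h]
    errors, max_dev, gains_u = 0, 0.0, []
    for _ in range(n_symbols):
        k = rng.randrange(4)
        w = algorithm1_weights(h, alpha, sigma2, rng)
        g = sum(hi.conjugate() * wi for hi, wi in zip(h, w))      # h^H w(n)
        max_dev = max(max_dev, abs(g - norm(h)))
        errors += detect_phase(g * QPSK[k]) != k                  # noiseless x(n)
        gains_u.append(abs(sum(a * wi for a, wi in zip(hu, w))))  # one row of H_u w(n)
    return {"max_dev": max_dev, "errors": errors,
            "gain_u_min": min(gains_u), "gain_u_max": max(gains_u)}


if __name__ == "__main__":
    print(simulate())
```

The spread between `gain_u_min` and `gain_u_max` is the per-symbol randomness that denies the eavesdropper a stable effective channel, while `max_dev` stays at floating-point noise.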


1.3.3.  Transmission  power 


Although we do not explicitly apply any power constraints on $\mathbf{w}(n)$, the transmission power can
be statistically controlled by adjusting the mean and variance of the random variables $w_j(n)$, $j \ne i$. Let us
consider the case that the mean and variance are zero and $\sigma^2$, respectively. Then the total transmission
power is

$$P_{t,h_i} = E[\mathbf{w}^H(n)\mathbf{w}(n) \mid \mathbf{h}, h_i] = (J-1)\sigma^2 + \frac{\|\mathbf{h}\|^2 + \sigma^2\|\mathbf{h}_i\|^2}{|h_i|^2} \qquad (11)$$

for a given channel realization $\mathbf{h}$ and a given choice of $h_i$.

Equation (11) shows that small $h_i$ increases the total transmission power, so the threshold $\alpha$
should be carefully selected. Since $h_i$ is a complex Gaussian random variable with zero mean and unit
variance, $|h_i|^2$ is exponentially distributed with unit mean. The probability for the selected channel
coefficient $h_i$ to have energy $|h_i|^2$ greater than $\alpha$ is

$$\int_{\alpha}^{\infty} e^{-t}\,dt = e^{-\alpha}. \qquad (12)$$

Proposition 1. With Rayleigh fading channels, if the coefficients are selected with energy
threshold $\alpha$ (12), then the expected total transmission power is

$$P_t = (J-1)\sigma^2 + 1 + (J-1)(1+\sigma^2)\Gamma(0,\alpha). \qquad (13)$$

Proof. See [31].

From (13), the total transmission power $P_t$ is a function of the number of transmitting antennas
$J$, the variance $\sigma^2$ of the random variables $w_j(n)$, and the threshold $\alpha$ for selecting $h_i$. Fig. 3 illustrates
their relations. From Fig. 3(a), with $J = 4$, we see that $P_t$ increases when $\sigma^2$ increases or $\alpha$ decreases.


Fig. 3. Total transmission power $P_t$ and power ratio $P_{t,i}/P_{t,j}$ of the $i$th
transmitter to the $j$th transmitter ($j \ne i$) when $h_i$ is selected in (10). $J = 4$ for
(a), $\alpha = 1$ for (b). Solid lines: total power. Dashed lines: power ratio.


If the channel $\mathbf{h}$ is slowly time-varying or even constant for a long time, we need to avoid the
case that the power of one of the transmitters is exceptionally larger than the others. Otherwise the array
transmission behaves as that with a single transmitter, and security can be compromised. Therefore, we
have to constrain the ratio of the transmission power of the $i$th transmitter $P_{t,i} = (\|\mathbf{h}\|^2 + \|\mathbf{h}_i\|^2\sigma^2)/|h_i|^2$ to
that of the $j$th transmitter $P_{t,j} = \sigma^2$. The power ratio can be obtained from (13) as

$$\frac{P_{t,i}}{P_{t,j}} = \frac{1 + (J-1)(1+\sigma^2)\Gamma(0,\alpha)}{\sigma^2}.$$

Obviously, it is usually impossible to obtain unit ratio unless we change the probability of choosing $h_i$
according to the value of $|h_i|$. From Fig. 3, the power ratio is a decreasing function of both $\sigma^2$ and $\alpha$.


1.3.4.  Transmission  secrecy  of  Algorithm  1 

We have removed explicit training so that the unauthorized user has no training available for
channel estimation. If the channels are reciprocal, then the transmitters can estimate channel $\mathbf{h}$ from any
uplink signal transmitted by the authorized user in TDD, without leaking channel information to the
unauthorized user. Otherwise, the transmitters depend on feedback from the authorized user for channel
estimation. In this latter case, the secrecy relies on the security of the feedback data. If the feedback data
are not secure and can be obtained by the unauthorized user, whether they are $y(n) = \mathbf{h}^H \mathbf{w}(n)$ or raw
received samples, the secrecy of the downlink transmission can be lost. For example, if the unauthorized
user has intercepted the feedback data $y(n)$, then together with its own estimations $\mathbf{y}_u(n) = \mathbf{H}_u \mathbf{w}(n)$, it
can derive a vector $\mathbf{h}^H \mathbf{H}_u^{-1}$. By this vector, it can intercept symbols $b(n)$ from $\mathbf{x}_u(n)$.

Therefore,  before  using  feedback,  a  secure  initialization  method  has  to  be  adopted  to  secure  the 
first  transmission  for  the  subsequent  feedback-based  data  transmission  to  become  secure.  We  may  exploit 
the  reciprocal  channel  property  to  realize  this  objective.  For  example,  the  authorized  user  can  first  send  a 
training  sequence  to  the  transmitters  using  the  downlink  frequency.  After  the  transmitters  estimate  the 
channel, secure downlink transmission is set up by Algorithm 1. Feedback methods can then be used for
channel  estimation  for  normal  data  transmission,  during  which  the  feedback  data  can  be  secured  via,  e.g., 
Algorithm  1  employed  at  the  authorized  user  or  instantly  exchanged  keys.  The  advantage  is  that  no  secret 
keys  are  required  before  transmission,  which  is  important  considering  that  key  distribution  is  usually  a 
major  weakness  for  traditional  security  techniques. 

Without training, the unauthorized user may turn to blind equalizers. It is necessary for the
transmitters to remove any constant modulus information from $s_j(n) = w_j(n) b(n)$ to prevent the
application of a major category of blind equalizers: the constant modulus method [15], [17]. This is realized
in Algorithm 1 by choosing $w_j(n)$ appropriately. If $w_j(n)$ is Gaussian, then $s_j(n)$ is satisfactory because
$b(n)$ is independent from $w_j(n)$ and is uniformly distributed with a finite number of values. In particular,
if $|b(n)|$ is constant, then $s_j(n)$ is Gaussian because the Gaussian probability density function (pdf) of
$w_j(n)$ is phase symmetric. Although $\mathbf{s}(n)$ is not jointly Gaussian due to (16), it is determined completely
by the first and second order moments whereas higher-order moments are zero.

In this scenario, the secrecy of Algorithm 1 comes from the fact that the received signal (4) of the
unauthorized user is with a multiple-input multiple-output (MIMO) channel model. It is well known that
blind MIMO channel estimation has an inherent matrix ambiguity if no source property can be exploited
[17], [18]. In our case, since signals $s_j(n)$ are not drawn from a finite alphabet, there may not be any
modulus information for the unauthorized user to remove such an ambiguity.

For example, the first-order moment of $\mathbf{x}_u(n)$ does not provide the unauthorized user with any
useful information because it is identically zero even if $w_j(n)$ may not have zero mean. For the second-order
moments, the unauthorized user may obtain $\mathbf{R}_u = \mathbf{H}_u E[\mathbf{w}(n) b(n) b^*(n) \mathbf{w}^H(n)] \mathbf{H}_u^H = \mathbf{H}_u \mathbf{R}_s \mathbf{H}_u^H$.
There exist some $J \times J$ unitary matrices $\mathbf{Q}$ such that $\mathbf{R}_u = \mathbf{H}_u \mathbf{Q}^H \mathbf{R}_s \mathbf{Q} \mathbf{H}_u^H$ as long as $\mathbf{Q}^H \mathbf{R}_s \mathbf{Q} = \mathbf{R}_s$.
Since the unauthorized user does not know $\mathbf{R}_s$, it has no information of $\mathbf{Q}$. Moreover, the unknown $\mathbf{R}_s$
makes the ambiguity matrix arbitrary, not only unitary.

The conclusion about the ambiguity matrix can be easily checked by the subspace method [19]
with $N > J$. Therefore, if the unauthorized user can not discriminate $\mathbf{H}_u$ from $\mathbf{H}_u \mathbf{Q}$, it can not
discriminate $\mathbf{w}(n) b(n)$ from $\mathbf{Q}\mathbf{w}(n) b(n)$. This makes the interception impossible as $\mathbf{Q}$ is unknown.

If the blind equalization is not applicable, the last way left for the unauthorized user is to try a
brute-force search of all possible channels $\mathbf{H}_u$ (or, strictly speaking, $\mathbf{Q}$) and $\mathbf{h}$. Let us assume that the
unauthorized user uses $K$-level quantization for each single value (a complex number has two such
values). Then the brute-force search needs to consider at least $K^{(2J)^2}$ possible combinations of $\mathbf{H}_u$ and
$K^{2J}$ possible combinations of $\mathbf{h}$. This gives an overall complexity $K^{2J(2J+1)}$.

With $J = 4$ and QPSK transmission, in order to achieve bit-error-rate (BER) under 0.1, by
simulations we find $K \ge 4$ even in the noiseless case. When $K = 4$, the complexity becomes
$4^{2\times 4(2\times 4+1)} = 2^{144}$, which gives security well above the encryption with a 128-bit key [1]. If considering a
more realistic BER of 0.01 at signal-to-noise-ratio (SNR) 25 dB per receiving antenna, then $K$ should be
at least 128, which gives a complexity over $2^{644}$.

Since the complexity of the brute-force search increases rapidly with $J^2$, computational secrecy
of Algorithm 1 can be guaranteed.

1.4.  Random  matrix  method  for  intentional  ambiguity

The  transmission  secrecy  of  Algorithm  1  depends  on  the  inherent  ambiguity  of  blind  channel 
equalization.  However,  in  practice,  it  may  not  be  a  trivial  task  to  prevent  every  possible  blind/non-blind 
equalization  method,  especially  since  networking  protocol  information  or  even  the  source  correlations  may 
be exploited by the unauthorized user for equalization [20], [21]. Source scrambling, networking protocols,
as well as $\mathbf{w}(n)$ have to be carefully designed.

Instead  of  focusing  on  the  issues  relative  to  the  overall  network  design,  we  develop  another 
transmission  algorithm  with  the  objective  of  achieving  secrecy  even  if  the  unauthorized  user  knows  its  own 
channel  Hu  .  This  would  effectively  simplify  the  design  of  physical-layer  secured  wireless  networks.  We 
assume  in  this  subsection  that  the  unauthorized  user  knows  Hu  but  not  h ,  and  has  extremely  high  SNR  or 
even  noiseless  signal.  Such  assumptions  make  our  approach  distinct  from  most  existing  physical-layer 
security  studies  such  as  [3]. 


1.4.1.  Transmission  with  intentional  ambiguity 


With the known $\mathbf{H}_u$, the signals of the unauthorized user (4) can be simplified to

$$\mathbf{x}_u(n) = \mathbf{w}(n) b(n), \qquad (16)$$

where the noise is skipped under the assumption of high SNR. Since the unauthorized user may know the
signal model of the authorized user (5)-(6) (but does not know $\mathbf{h}$, $\mathbf{w}(n)$ and $b(n)$), a brute-force search
with much reduced complexity can be applied, during which it simply checks every possible $\mathbf{h}$ with (16)
to see whether the rule of finite symbol alphabet is satisfied. This procedure may break the secrecy with a
complexity $K^{2J}$ only.

To resolve this weakness, one way is to make $\mathbf{h}$ time-varying, which can increase the complexity
of the brute-force method in low SNR but is not effective in high SNR or noiseless cases. To guarantee
secrecy under (16), we propose to introduce intentional ambiguity into $\mathbf{w}(n)$ in addition to creating
time-varying channels.

Instead of using (10) to find $\mathbf{w}(n)$, we generate a $J \times (J-1)$ random matrix $\mathbf{F} = [\mathbf{f}_1, \cdots, \mathbf{f}_{J-1}]$,
where each $\mathbf{f}_i$ is a $J \times 1$ vector. Let

$$\mathbf{a}(n) = \begin{bmatrix} \|\mathbf{f}_1\|\, c_1(n) \\ \vdots \\ \|\mathbf{f}_{J-1}\|\, c_{J-1}(n) \end{bmatrix}, \qquad (17)$$

where $\{c_i(n)\}$ are secret sequences known only to the transmitters. Without loss of
generality, we assume that $c_i(n) = \pm 1$, $\forall\, i, n$, and $\{c_i(n)\}$ and $\{c_j(n)\}$ are independent from each other.
We make each column of the matrix $\mathbf{F}$ have the same distribution as $\mathbf{h}$. The matrix $\mathbf{F}$ is known to the
transmitters only.

Then we calculate $\mathbf{w}(n)$ by solving

$$\begin{bmatrix} \mathbf{h}^H \\ \mathbf{F}^H \end{bmatrix} \mathbf{w}(n) = \begin{bmatrix} \|\mathbf{h}\| \\ \mathbf{a}(n) \end{bmatrix}. \qquad (18)$$

For the authorized user, the received signal is still (5) and (6). The key idea is to make the unauthorized
user unable to discriminate $\mathbf{h}$ from any column of $\mathbf{F}$, even with a brute-force search. This procedure is
listed below as Algorithm 2 when the channel $\mathbf{h}$ is block fading.

Algorithm 2. Design $\mathbf{w}(n)$ for intentional ambiguity

1. Generate random matrix $\mathbf{F}$ (for a block of symbols),

2. Generate random vector $\mathbf{a}(n)$ (for each symbol),

3. Calculate $\mathbf{w}(n)$ by solving array equation (18).

The computational complexity of Algorithm 2 is $O(J^2)$. Note that $\mathbf{F}^{-1}$ is recalculated per
symbol block, not per symbol. The power efficiency of Algorithm 2 can be made much higher than
Algorithm 1 because the problem of inverting small $h_i$ is gone. The lower bound of total transmission
power can be determined from

$$E\left[\|\mathbf{w}(n)\|^2\right] \ge E\left[\frac{\left\| \begin{bmatrix} \|\mathbf{h}\| \\ \mathbf{a}(n) \end{bmatrix} \right\|^2}{\left\| [\mathbf{h}\;\; \mathbf{F}] \right\|^2}\right] = E\left[\frac{\mathbf{h}^H\mathbf{h} + \mathbf{a}^H(n)\mathbf{a}(n)}{\mathrm{tr}\left([\mathbf{h}\;\;\mathbf{F}]^H[\mathbf{h}\;\;\mathbf{F}]\right)}\right] = 1. \qquad (19)$$

However, the unit lower bound usually can not be obtained.


1.4.2. Transmission secrecy of Algorithm 2


In the following, we use $P[x]$ to denote the probability of a random variable $X$ for notational
simplicity. It equals the pdf $f_X(x)$ if $X$ is continuous, or the probability mass function $p_X(x)$ when $X$ is
discrete.

Proposition 2. Even if the unauthorized user knows its channel $\mathbf{H}_u$ and works in noiseless
environment, it can not discriminate $\mathbf{h}$ from any column $\mathbf{f}_i$ of $\mathbf{F}$, i.e., $P[\mathbf{h} \mid \{\mathbf{x}_u(n)\}] = P[\mathbf{f}_i \mid \{\mathbf{x}_u(n)\}]$,
$1 \le i \le J-1$, where $\{\mathbf{x}_u(n)\}$ denotes the sequence including all the available samples.

Proof. Considering the maximum a posteriori (MAP) detector for $\mathbf{h}$, the unauthorized user has

$$P[\mathbf{h} \mid \{\mathbf{x}_u(n)\}] = \frac{P[\{\mathbf{x}_u(n)\} \mid \mathbf{h}]\, P[\mathbf{h}]}{P[\{\mathbf{x}_u(n)\}]}.$$

Because of (6), one element of $\mathbf{w}(n)$ is completely determined by others given $\mathbf{h}$. Without loss of
generality, let $w_1(n)$ be determined by random variables $\mathbf{z}_1(n) = [w_2(n), \cdots, w_J(n)]^T$. Then

$$P[\mathbf{h} \mid \{\mathbf{x}_u(n)\}] = \frac{P[\{\mathbf{z}_1(n)\}]\, P[\{b(n)\}]\, P[\mathbf{h}]}{P[\{\mathbf{x}_u(n)\}]}.$$

Similarly, if the unauthorized user considers $\mathbf{f}_i$ instead of $\mathbf{h}$, it has

$$P[\mathbf{f}_i \mid \{\mathbf{x}_u(n)\}] = \frac{P[\{\mathbf{z}_1(n)\}]\, P[\{b(n)\}]\, P[\mathbf{f}_i]}{P[\{\mathbf{x}_u(n)\}]}.$$

Because $P[\mathbf{f}_i] = P[\mathbf{h}]$, the proposition is proved. □

Proposition 2 shows that the unauthorized user can not discriminate $\mathbf{h}$ from $\mathbf{f}_i$. In other words, it
can not discriminate $b(n)$ from $c_i(n) b(n)$. This is the ambiguity created intentionally by Algorithm 2.
However, if the number of vectors $\mathbf{h}$ and $\mathbf{f}_i$ that satisfy (18) is finite, then the unauthorized user can use
brute-force search to determine which sequence among $\{b(n)\}$ and $\{c_i(n) b(n) : 1 \le i \le J-1\}$ is more
meaningful by recovering them to message sequences.

Therefore, we need to create suitably time-varying channels in order to make the brute-force
search computationally prohibitive. Time-varying channels can be intentionally created by moving
randomly transmitting antennas, or by choosing different antenna subsets from a large array. Considering
the requirement of channel estimation, channel time-varying rate should be slower than symbol rate. Each
channel realization is used to transmit a short block of symbols with a suitable $\mathbf{F}$. As long as the
determination of $\{b(n)\}$ requires a sufficiently large number of blocks, computational secrecy can be
achieved.
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For  example,  if  the  symbols  are  sufficiently  interleaved  and  transmitted  in  K  blocks,  the 
complexity  of  breaking  secrecy  is  JK  .  For  J  =  4  transmitters,  K  =  64  blocks  gives  a  complexity  2 128 .  In 
addition,  in  practice,  due  to  noise  and  the  short  block  length,  the  unauthorized  user  may  not  have  sufficient 
statistic  measures  for  determining  even  h  or  f,  .  Hence  computational  secrecy  can  be  guaranteed  with  a 
moderate  number  of  symbol  blocks. 

1.4.3.  Perfect  secrecy 

According to the perfect secrecy defined by Shannon [9], if the unauthorized user gets no information on $b(n)$ from the received signals $\{\mathbf{x}_u(n)\}$, then perfect secrecy is guaranteed. One way to show perfect secrecy is to show that, given the received signals $\{\mathbf{x}_u(n)\}$, the probability of detecting a symbol $b(n)$, i.e., $P[b(n)\,|\,\{\mathbf{x}_u(n)\}]$, is independent of $b(n)$.

Proposition 3. Assume that the unauthorized user knows its channel $\mathbf{H}_u$ but not $\mathbf{h}$, and has noiseless received signals $\{\mathbf{x}_u(n)\}$. Then $P[b(n)\,|\,\{\mathbf{x}_u(n)\}]$ can be made independent of $b(n)$ if $\mathbf{h}$ is i.i.d. for each symbol and the symbols have constant magnitude, i.e., $|b(n)| = 1$. If the channel $\mathbf{h}$ is constant or slowly time-varying, or if $|b(n)|$ is not constant, then $P[b(n)\,|\,\{\mathbf{x}_u(n)\}]$ may not be independent of $b(n)$, since the unauthorized user can exploit its knowledge of (6).

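Proof. Since $\mathbf{w}(n)$ is randomly and independently generated in each symbol interval, if the channel $\mathbf{h}$ is i.i.d. for each symbol, then $\mathbf{w}(n)$ is independent of $\mathbf{x}_u(m)$ for any $m \ne n$. The same conclusion holds for $b(n)$. Therefore, $P[b(n)\,|\,\{\mathbf{x}_u(n)\}]$ is equivalent to $P[b(n)\,|\,\mathbf{x}_u(n)]$. We have

$$P[b(n)\,|\,\mathbf{x}_u(n)] = \frac{P[\mathbf{x}_u(n)\,|\,b(n)]\,P[b(n)]}{P[\mathbf{x}_u(n)]} = \frac{P[\mathbf{w}(n)b(n)\,|\,b(n)]\,P[b(n)]}{P[\mathbf{x}_u(n)]}. \quad (21)$$

The pdf of $\mathbf{w}(n)b(n)$ given $b(n)$ is $\frac{1}{|b(n)|} f_{\mathbf{w}}\!\left(\frac{\mathbf{w}(n)}{b(n)}\right)$, where $f_{\mathbf{w}}(\cdot)$ denotes the joint pdf of $\mathbf{w}(n)$.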

Because the channel coefficients in $\mathbf{h}$ are jointly Gaussian with zero mean, the pdf of $\mathbf{h}$ is phase symmetric (or phase invariant), i.e., the probability of $\mathbf{h}e^{j\theta}$ is the same as that of $\mathbf{h}$ for any $\theta$ [23]. Because $\mathbf{w}(n)$ is obtained from $\mathbf{h}$, $f_{\mathbf{w}}(\mathbf{w}(n))$ can also be phase symmetric. This can be seen from the fact that $|\mathbf{w}(n)e^{j\theta}| = |\mathbf{h}e^{-j\theta}|$. This equation tells us that if there is a $\mathbf{w}(n)$ obtained from $\mathbf{h}$ with certain probability, then for any phase $\theta$, $\mathbf{w}(n)e^{j\theta}$ can be obtained from $\mathbf{h}e^{-j\theta}$ with the same probability. Note that different $\mathbf{h}$ and $\mathbf{h}e^{j\theta}$ do not share the same $\mathbf{w}(n)$.

Therefore, if $|b(n)| = 1$, then $\mathbf{w}(n)/b(n)$ and $\mathbf{w}(n)$ have identical probability, which means that $f_{\mathbf{w}}(\mathbf{w}(n)/b(n)) = f_{\mathbf{w}}(\mathbf{w}(n))$. Hence $P[b(n)\,|\,\mathbf{x}_u(n)] = P[\mathbf{w}(n)]P[b(n)]/P[\mathbf{x}_u(n)]$. Since $P[b(n)]$ is constant, $P[b(n)\,|\,\mathbf{x}_u(n)]$ is independent of $b(n)$.

However, if the channel $\mathbf{h}$ is not i.i.d. for each symbol, or if the $|b(n)|$ are not constant, then $\frac{1}{|b(n)|} f_{\mathbf{w}}\!\left(\frac{\mathbf{w}(n)}{b(n)}\right) \ne f_{\mathbf{w}}(\mathbf{w}(n))$ in general. Some information about $b(n)$ may be available given $\{\mathbf{x}_u(n)\}$. □

From Proposition 3, a necessary condition for perfect secrecy is that all symbols should have identical magnitude; otherwise the difference in power may be exploited. Such a conclusion is similar to that in [3], although the latter is obtained under the assumption that the unauthorized user has no information about the channel $\mathbf{H}_u$, nor can it estimate $\mathbf{H}_u$.
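The magnitude condition of Proposition 3, as an added Python example (not code from the report). It assumes a noiseless eavesdropper that knows $\mathbf{H}_u$ and has enough antennas to recover $\mathbf{w}(n)b(n)$, uses i.i.d. circular complex Gaussian weights as a phase-symmetric stand-in for the report's $\mathbf{w}(n)$, and a constructed two-amplitude constellation; all function names are hypothetical.

```python
import cmath
import math
import random

J = 4  # number of transmitters, matching the J = 4 used in the report's simulations


def draw_weights(rng):
    """Stand-in for the randomized weight vector w(n).

    Assumption: i.i.d. circular complex Gaussian entries, redrawn per symbol.
    The report's w(n) also obeys its constraint (6), which is not modelled
    here; the proof only uses the phase symmetry that this stand-in shares.
    """
    s = math.sqrt(0.5)
    return [complex(rng.gauss(0.0, s), rng.gauss(0.0, s)) for _ in range(J)]


def log_f_w(w):
    """log f_w(w) up to an additive constant: f_w(w) is proportional to exp(-||w||^2)."""
    return -sum(abs(x) ** 2 for x in w)


def posterior(y, constellation):
    """Eavesdropper's P[b | y] for y = w*b and equiprobable symbols.

    Change of variables for a complex J-vector: f(y | b) = f_w(y / b) / |b|^(2J).
    """
    logs = [log_f_w([v / b for v in y]) - 2 * J * math.log(abs(b))
            for b in constellation]
    top = max(logs)
    weights = [math.exp(v - top) for v in logs]
    total = sum(weights)
    return [v / total for v in weights]


QPSK = [cmath.exp(1j * (math.pi / 4 + k * math.pi / 2)) for k in range(4)]
# Constructed constellation: QPSK phases on two rings, |b| = 1 or |b| = 3.
TWO_RING = [a * s for a in (1.0, 3.0) for s in QPSK]


def observe(rng, constellation):
    """One symbol interval: pick b, draw fresh weights, return (b, w*b)."""
    b = rng.choice(constellation)
    return b, [w * b for w in draw_weights(rng)]


def max_posterior_gap(constellation, trials=2000, seed=1):
    """Largest |P[b|y] - P[b]| over many observations; 0 means nothing is learned."""
    rng = random.Random(seed)
    prior = 1.0 / len(constellation)
    gap = 0.0
    for _ in range(trials):
        _, y = observe(rng, constellation)
        gap = max(gap, max(abs(p - prior) for p in posterior(y, constellation)))
    return gap


def ring_guess_accuracy(trials=2000, seed=2):
    """How often a MAP eavesdropper recovers |b| on the two-ring constellation."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        b, y = observe(rng, TWO_RING)
        inner = sum(posterior(y, TWO_RING)[:4])  # first four entries have |b| = 1
        guess = 1.0 if inner >= 0.5 else 3.0
        hits += abs(abs(b) - guess) < 0.5
    return hits / trials


if __name__ == "__main__":
    print("QPSK     max |posterior - prior|:", max_posterior_gap(QPSK))
    print("two-ring max |posterior - prior|:", max_posterior_gap(TWO_RING))
    print("two-ring |b| guessed correctly  :", ring_guess_accuracy())
```

With constant-magnitude symbols the posterior equals the prior for every observation, while on the two-ring set the received energy alone reveals the ring almost every time.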

While it is easy to realize $|b(n)| = 1$, a more challenging task for realizing perfect secrecy in practice is to make the channel $\mathbf{h}$ random. The difficulty comes from the channel estimation requirement at either the transmitters or the authorized user. On the other hand, since it does not matter whether the unauthorized user knows its channel $\mathbf{H}_u$ or not, training methods can be used for channel estimation with reduced complexity.

A possible way of implementing transmissions with perfect secrecy is to intentionally create channel variation by moving antennas randomly, or by randomly selecting subsets of a large antenna array. The latter case still requires time-varying channels, although the variation rate can be slow. With each new channel realization, a training sequence can be transmitted for channel estimation. After the transmitters know the channels from feedback, a symbol is transmitted with a randomized $\mathbf{w}(n)$. The initialization based on channel reciprocity is still required. On the other hand, channel reciprocity, if available during normal data transmission, can be exploited to remove feedback and thus enhance data rate.


1.5.  Secure  transmission  in  dispersive  channels 

As shown in Section III.3.1 and [31], there are three possible channel models for cooperative transmissions: synchronous flat-fading channel model, synchronous dispersive channel model, and asynchronous dispersive channel model. The secure transmission algorithms in Sections 1.3 and 1.4 can be extended to the dispersive channel models. To save space, details of such extension are not included, but can be found in [31].

1.6.  Simulations 

In  this  section,  we  show  the  performance  of  the  proposed  Algorithm  1  of  Section  1.3  and 
Algorithm  2  of  Section  1.4.  We  use  bit-error-rate  (BER)  to  compare  the  receiving  performance  of  the 
authorized  user  and  the  unauthorized  user.  We  also  examine  the  transmission  power  of  these  two 
algorithms.  For  comparison  purpose,  we  evaluate  the  performance  of  the  optimal  transmit  beamforming 
[16]  discussed  in  Section  1.3.2,  and  give  the  theoretical  BER  curve  of  the  Rayleigh  fading  channel  without 
diversity  [12].  For  the  unauthorized  user,  blind  equalizers  [18]  are  simulated. 

We  first  study  the  performance  of  the  Algorithm  1.  Channels  are  assumed  block  Rayleigh  fading, 
i.e.,  they  are  constant  during  transmission  of  one  packet,  but  randomly  changing  between  packets.  Each 
packet  contains  200  QPSK  symbols.  We  use  5000  runs  to  obtain  each  BER  value.  For  Algorithm  1,  we 

use  a  =  0.5  ,  a2  =  0.5  .  If  there  are  less  than  two  selectable  channel  coefficients  under  (12),  then  we  simply 
select  hj  between  the  two  strongest  ones  in  order  to  make  P,  in  (10)  random.  Both  flat- fading  channels  and 
dispersive  channels  are  simulated.  For  the  dispersive  channels,  we  use  channel  length  L  =  2  . 

The simulation results are shown in Fig. 4(a). Transmissions with Algorithm 1 have performance similar to that of the optimal transmit beamforming. The unauthorized user cannot intercept symbols using blind equalization with 8 receiving antennas and sufficiently good channels.


Fig. 4. Receiving performance comparison. (a) For Algorithm 1. (b) For Algorithm 2. J = 4. o: Algorithms 1 or 2 with flat-fading channels. □: Algorithms 1 or 2 with dispersive channels. +: transmit beamforming. x: theoretical BER curve with Rayleigh fading channel. △: blind detector of unauthorized user.

Fig. 5. Transmission power and standard deviation (horizontal axis of both panels: number of transmitters J). Standard deviation is shown by x above the power value. (a) Total transmission power. (b) Power of a single transmitter. □: Algorithm 1. o: Algorithm 2. ^: Transmit beamforming.


Then we study the performance of Algorithm 2 with similar simulation parameters. For Algorithm 2, we let the transmitters find the best $\mathbf{w}(n)$ from $J$ different $\mathbf{F}$ matrices in order to reduce transmission power and to avoid ill-conditioned matrices. The results are shown in Fig. 4(b), from which a conclusion similar to that for Algorithm 1 can be drawn.

One  of  the  major  differences  between  Algorithm  1  and  Algorithm  2  is  their  transmission  power, 
which  is  compared  in  Fig.  5(a)  and  (b). 


1.7.  Realizing  Physical-layer  Secured  WLAN 

The main purpose of this research topic is to realize the physical-layer security techniques in 802.11 WLAN without a complete overhaul of existing physical-layer hardware. First, as can be seen, physical antenna arrays not only increase system cost but also require new hardware design (because multiple parallel signal processors are required on the same board). The concept of cooperative transmissions may be more advantageous for cost reduction and for exploiting existing redundant (but separate) hardware. For example, multiple access points, or multiple WLAN cards, each of which may have only a single antenna, can be used to transmit/receive the same data packet in a collaborative manner. Therefore, our objective is to use multiple access points (AP) to jointly transmit a packet to the authorized user (client), while at the same time making reception at other unauthorized users impossible.

Besides  showing  the  idea  of  secure  wireless  networks,  such  a  demonstrative  testbed  can  also  be 
used  to  verify  the  practicability  of  cooperative  communications.  Cooperative  communications  are  a  new 
area  with  many  challenges  involved  in  the  application  and  implementation  such  as  synchronization  and 
collaboration.  A  testbed,  especially  if  constructed  using  WLAN  COTS  devices,  will  be  an  effective  way  to 
show  the  feasibility  of  cooperative  communications  and  the  potential  of  cooperative  communications  as  a 
way  to  enhance  the  performance  and  function  of  either  existing  or  future  systems. 

In the following, we propose two ways of constructing such a testbed: the channel-based and the timing-based approaches.

1.7.1. Channel-based approach


The channel-based approach depends on the theories described in Sections 1.3 and 1.4, i.e., Algorithms 1 and 2, where the difference between the propagation channels of the authorized user and the unauthorized user is exploited. The random intersymbol interference (ISI) created intentionally by the randomization procedure may stop most WLAN receivers from working, in particular those currently on the market. Since current 802.11 WLAN receivers do not have equalizers (because of the flat fading channel models used in the indoor WLAN environment), even a trivially introduced ISI may achieve a certain degree of security.

The major problems are related to channel estimation and the synchronization among the cooperating APs. For the channel estimation, we may depend on the feedback from the authorized receiver. This can be realized if the authorized receiver knows the channel. Another way is to ask the authorized receiver to feed back some received samples directly, from which the APs can estimate the channels. In order to achieve this objective, one way is to reprogram the firmware of the authorized user so that it transmits the received samples. For the APs, a channel estimation algorithm needs to be implemented. This can be realized by programming instead of new hardware design.

For synchronization, the firmware similarly needs to be reprogrammed so that we can ask the physical layer to maintain the synchronization clock. The synchronization cannot be done in the MAC layer or above only, since the clock accuracy of these layers is in units of microseconds, which is not accurate enough for transmission.

Another problem that we have skipped is whether the carrier frequency $f_c$ is identical among all APs. However, this may not be a big issue in 802.11 WLAN since the carrier frequency drifting is at most 25 ppm, which is sufficiently small.


1.7.2.  Timing-based  approach 

Compared  with  the  channel-based  approach,  the  timing-based  approach  may  be  more  feasible.  By 
timing-based  approach,  we  adjust  the  transmission  delays  instead  of  the  transmission  weights  of  the  APs,  as 
shown  in  Fig.  2.  This  is  somewhat  similar  to  wireless  location  using  time-of-arrival  (TOA).  The  most 
promising  aspect  is  that  the  energy-of-arrival  and  thus  the  RSSI  value  in  802.11  WLAN  may  be  directly 
used  for  deriving  the  timing  information. 

As illustrated in Fig. 2, the APs can purposely adjust the delay of their transmission time instant (i.e., the time instant at which they begin transmission). Though the APs need to know all delays, such delays can in fact be obtained from their received signals from the desired user, especially through the RSSI information. With such information, the APs can adjust their delay. The effectiveness of this approach depends on the symbol interval $T$. In 802.11b, $T$ is 1/11 microseconds, which gives sufficient adjustment range for the delays.

The likelihood that such a delay difference between the desired user and the undesired user is large depends on the distance between the desired user and the undesired user. This is similar to the accuracy of the wireless location problem. As long as the distance between the two users is larger than $1/(2T)$, such a likelihood is high.

The potential of the approach is that we do not have to change anything in the authorized user. We need only to reprogram the APs. However, the firmware of the APs is still subject to change because the transmission delay needs to be synchronized.


1.7.3.  A  simple  testbed  for  demonstrating  the  concepts 

The major challenge for the above two methods is the synchronization in transmission timing, which requires sophisticated reprogramming work in the firmware. We need to study the firmware programming of some real implementations. The programming work may be time-consuming, especially since such programming needs to be compatible with the entire networking.

However, we have a much quicker way to set up a demonstrative testbed. Instead of working on the real 802.11 WLAN network, we work on separate 802.11 transmitters and receivers without considering the entire network. For example, we can use the standard transceiver blocks (see Comblock.com) to build the cooperative transmitters, and implement the secure transmission algorithms in general purpose PCs. This way, we can sample and analyze the signals to obtain certain performance benchmarks.


Part  2 

Application  of  STBC-encoded  Cooperative  Transmissions  in  Wireless  Sensor  Networks 


2.1.  Introduction 

In  wireless  sensor  networks,  energy  efficiency  is  a  dominating  design  criterion.  Transmission 
energy  efficiency  is  especially  important  because  wireless  transceivers  usually  consume  a  major  portion  of 
battery  energy.  Transmission  energy  efficiency  can  be  enhanced  by  diversity  techniques  with  antenna 
arrays,  among  which  space-time  block  codes  (STBC)  are  attractive  because  of  their  linear  complexity  [24]. 
For mobile users without antenna arrays, STBC with cooperative transmission schemes have been proposed [25]-[27].

However,  the  requirement  of  extreme  energy  efficiency  in  wireless  sensor  networks  makes  the 
application  of  cooperative  transmission  questionable.  First,  when  sensors  schedule  joint  transmissions,  the 
overhead  of  cooperation  incurs  extra  energy  consumption.  Second,  it  is  not  an  easy  task  to  synchronize 
cooperating  transmitters  in  terms  of  carrier  frequency,  carrier  phase,  symbol  timing  (symbol  rate)  and 
timing  phase  (sampling  time  instant).  Without  perfect  synchronization,  STBC-encoded  transmission 
becomes  more  complex,  sometimes  even  not  applicable  [27],  [28].  Finally,  although  cooperative  diversity 
enhances  transmission  energy  efficiency,  the  involvement  of  more  than  one  transmitting  sensor  increases 
electronic  energy  consumption  [29]. 

So  far,  cooperative  transmission  has  been  studied  mostly  under  the  assumption  of  perfect 
synchronization.  The  overhead,  synchronization,  complexity  and  energy  efficiency  are  to  be  justified.  To 
address  this  task,  without  loss  of  generality  we  consider  a  typical  networking/communication  protocol  for 
wireless  sensor  networks,  i.e.,  low-energy  adaptive  clustering  hierarchy  (LEACH)  [30].  We  propose  ways 
to  incorporate  cooperative  transmission  in  LEACH  and  study  the  associated  overhead,  synchronization  and 
energy  efficiency. 


2.2.  LEACH  with  cooperative  transmission 

We  consider  a  wireless  sensor  network  where  sensors  need  to  transmit  their  data  to  a  remote  data 
collector.  LEACH  is  an  interesting  networking/communication  protocol  for  sensors  to  form  hierarchical 
clusters  and  to  schedule  TDMA  channel  access.  The  operation  of  LEACH  is  broken  up  into  rounds,  and 
each  round  consists  of  four  phases:  advertisement,  cluster  setup,  transmission  scheduling,  and  data 
transmission. 

Advertisement.  In  this  phase,  each  sensor  determines  by  itself  whether  it  becomes  a  cluster  head 
during  this  round.  Each  self-selected  cluster  head  then  broadcasts  an  advertisement  message.  We  do  not 
need  to  make  changes  in  this  phase  for  cooperative  transmission,  though  we  rename  the  cluster  head  as 
primary  head. 

Cluster setup. In this phase, each sensor transmits a cluster-joining packet to its desired primary head. For $J$-sensor cooperative transmission, besides the primary head, we need to choose $J-1$ secondary heads in each cluster. In our scheme, they will be selected by the primary head in the next phase. Meanwhile, when a sensor transmits a cluster-joining packet, it should piggyback information about its capability of being a secondary head, e.g., its current energy status. The overhead of this procedure can be as small as just transmitting one extra byte along with the relatively long cluster-joining packet.

Schedule creation. This phase is for each primary head to create a TDMA channel access schedule, and to inform each sensor of its assigned slot. For cooperative transmission, each primary head first selects the secondary heads based on both the reported energy status and the received signal power. The power can be used as an estimate of the sensor distance. Then the primary head informs the selected secondary heads about their roles in cooperative transmission, which can be implemented by piggybacking one extra byte in the original scheduling packet. The overhead includes the selection of secondary heads in the primary head, and one more byte of transmission to each of the $J-1$ secondary heads. Such overhead is still negligibly small.

Data transmission. In this phase, each cluster head receives data packets from the other sensors in the cluster, fuses these packets, and transmits the fusion result to the data collector. In cooperative transmission mode, it is still the primary head that receives and fuses data packets. However, after that, the primary head first broadcasts the fused data to the secondary heads, and all $J$ heads then transmit the data to the data collector cooperatively in the following slot. This procedure is illustrated in Fig. 6(a). The overhead in this phase, which is the major one for the proposed scheme, includes the broadcasting procedure and the added electronic energy consumption. The impact of such overhead on energy efficiency will be analyzed in Section II.4.


2.3.  Synchronization  among  cooperating  sensors 


2.3.1.  Synchronization  and  channel  models 

Before cooperative transmission, the secondary heads can synchronize their carrier frequency and symbol timing to their received signals when the primary head broadcasts the fused data. The remaining issue is then related to carrier phase and timing phase synchronization.

We have to omit the transmission delays from the primary head to the secondary heads since they are difficult to estimate and compensate. Therefore, if the maximum distance between the primary head and the secondary heads is $d_{\max}$, then the beginning time of cooperative transmission at the primary head is up to $d_{\max}/c$ earlier than the secondary heads, where $c$ is the speed of light. Among the signals transmitted by the cooperating sensors, the maximum (worst case) relative delay is $2d_{\max}/c$ when they arrive at the data collector. These delays cause synchronization error in both carrier phase and timing phase.

Let the passband signal from a head sensor $i$ be $s_i(t) = \mathrm{Re}\left[\sqrt{p}\sum_{\ell=-\infty}^{\infty} b_i(\ell)\,p(t-\ell T)\,e^{j2\pi f_c t}\right]$, where $\mathrm{Re}[\cdot]$ stands for the real part, $p$ is a transmission power adjustor, $b_i(\ell)$ is the complex symbol at symbol interval $[\ell T, (\ell+1)T)$, $p(t)$ is the baseband pulse shaping filter, and $f_c$ is the carrier frequency. The received signal at the data collector is then

$$x_p(t) = \mathrm{Re}\left[\sqrt{p}\sum_{i=1}^{J}\sum_{\ell=-\infty}^{\infty}\alpha_i b_i(\ell)\,p(t-\ell T-\tau_i)\,e^{j(2\pi f_c t-\theta_i)}\right] + v_p(t), \quad (22)$$

where $\alpha_i$ and $\theta_i$ are the gain and phase of the propagation channel, and $\tau_i$ is the delay. We use $v_p(t)$ to denote passband noise. Flat fading propagation is assumed, and with the same $p$, the transmission power is evenly distributed among cooperating head sensors.

Because signals from head sensors have different $\theta_i$ and $\tau_i$, it is impossible to achieve synchronization in carrier phase and timing phase. Therefore, without loss of generality, we demodulate (22) with local carrier $e^{-j2\pi f_c t}$ and then perform sampling at time instants $t_n = nT + \tau$ (for arbitrary $\tau$). The baseband samples $x(n) = x_b(nT + \tau)$ are

$$x(n) = \sqrt{p}\sum_{i=1}^{J}\alpha_i e^{-j\theta_i}\Big[p(\tau-\tau_i)\,b_i(n) + \sum_{\ell\ne n} p((n-\ell)T+\tau-\tau_i)\,b_i(\ell)\Big] + v(n), \quad (23)$$

where $v(n)$ is baseband noise. Obviously, residual inter-symbol interference (ISI) is inevitable. In a flat fading environment, we would prefer that the single-tap channel model still be used in cooperative transmission. This can be achieved by making $d_{\max}$ small enough to effectively reduce the upper bound of $\tau_i$ and thus the ISI to a negligible level.

By choosing $d_{\max}$ small enough, the baseband received signal (23) can be approximated as

$$x(n) = \sqrt{p}\sum_{i=1}^{J} a_i b_i(n) + v(n), \quad (24)$$

where $a_i = \alpha_i e^{-j\theta_i}$. Hence the flat fading channel assumption as in [24] can still be applied.


2.3.2.  Long-term  effect  of  frequency  and  timing  offsets 

In Section II.3.1, we assumed that synchronization on carrier frequency and symbol timing is perfect. However, such synchronization may not be accurate due to, e.g., noise, Doppler shifting, and differences in processing circuitry, in which case there are frequency and timing mismatches among cooperating nodes.

Carrier frequency mismatch makes channels time-varying so that channels have to be adaptively tracked. Timing mismatch is more devastating because it destroys the space-timing signal structure, which makes STBC not directly applicable [28]. If the ratio of the symbol rate of sensor 1 to sensor 2 is $r$, then when sensor 1 transmits $K$ symbols, sensor 2 can transmit $K/r$ symbols.

One way to mitigate this problem is to limit the packet (or slot) length. Consider first the case $r < 1$. In order to keep correct timing, both sensors need to transmit $K$ symbols in one slot, which gives $K < K/r < K+1$ (the difference in transmission delay is omitted for simplicity) and we have $K < r/(1-r)$. Similarly, if $r > 1$, we have $K < r/(r-1)$. In summary, we need to choose the packet length $K$ such that $K < r/|1-r|$. Therefore, $r$ needs to be close to 1 for reasonable packet lengths. For practical oscillators with up to 100 ppm drifting, we have $r \in [1-10^{-4}, 1+10^{-4}]$.


2.4.  Energy  efficiency 

Consider the baseband signal model (24) with quasi-static Rayleigh flat fading channels, i.e., the $a_i$ are complex Gaussian distributed with zero mean and unit variance, and are constant in one STBC block but may vary randomly between blocks. The noise is AWGN with zero mean and variance $\sigma_v^2$. After the synchronization problem is resolved, traditional STBC [24] can be directly applied. With standard STBC decoding, the data collector estimates symbols from

$$\hat{b}(n) = \Big(p\sum_{i=1}^{J}|a_i|^2\Big)^{1/2} b(n) + w(n), \quad (25)$$

where $w(n)$ is AWGN with zero mean and variance $\sigma_v^2$.


2.4.1.  Improvement  on  transmission  power  efficiency 

To compare the transmission power efficiency of cooperative transmission against single transmission, we consider the SNR $p\sum_{i=1}^{J}|a_i|^2\sigma_b^2/\sigma_v^2$, where $\sigma_b^2$ is the variance of the symbols $b(n)$. In order to make the SNR above some threshold value $A$ with a high probability $B$, from (24) we need to choose carefully the overall cooperative transmission power $Jp\sigma_b^2$ such that $P\big[p\sum_{i=1}^{J}|a_i|^2\sigma_b^2/\sigma_v^2 > A\big] = B$. For single transmission, we assume $J = p = 1$ and let the channel be $a_1$. The ratio of single transmission power to cooperative transmission power is $1/(Jp)$.

Proposition 4. Cooperative transmission can use less overall transmission power than single transmission for some SNR $A$ and probability $B$, i.e., there exist $A$, $B$ and $p < 1/J$ such that

$$P\Big[p\sum_{i=1}^{J}|a_i|^2\sigma_b^2/\sigma_v^2 > A\Big] = P\big[|a_1|^2\sigma_b^2/\sigma_v^2 > A\big] = B.$$

Proof. See [34].

Though such a conclusion may not be surprising, the advantage of this approach lies in the convenient evaluation of power saving. Because of the lack of general BER expressions, many other approaches such as [29] have to either consider special cases or resort to Monte-Carlo simulations. In our case, we can numerically calculate $p$, which then gives the power saving $1/(Jp)$. For example, the power saving $1/(Jp)$ can be calculated as 5.7, 11.3, 16.8, 20.4 for $J = 2, 3, 4, 5$, respectively. Interestingly, these values are close to the results in [28] obtained from BER Monte-Carlo simulations.
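The numerical calculation of $p$ mentioned above reduces to an Erlang quantile found by bisection; this is an added Python example, not the report's code. The probability $B = 0.99$ in the usage is an assumed value (the report does not state the $A$ and $B$ behind its figures, so the outputs are not its 5.7 to 20.4 series), and the function names are hypothetical.

```python
import math


def erlang_survival(t, J):
    """P[sum_{i=1..J} |a_i|^2 > t] for i.i.d. zero-mean, unit-variance complex
    Gaussian a_i. Each |a_i|^2 is Exp(1), so the sum is Erlang(J, 1)."""
    return math.exp(-t) * sum(t ** m / math.factorial(m) for m in range(J))


def erlang_quantile(B, J, tol=1e-12):
    """Solve erlang_survival(t, J) = B for t by bisection (survival decreases in t)."""
    lo, hi = 0.0, 1.0
    while erlang_survival(hi, J) > B:
        hi *= 2.0
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        if erlang_survival(mid, J) > B:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def power_adjustor(J, B):
    """p such that P[p * sum|a_i|^2 * g > A] = P[|a_1|^2 * g > A] = B,
    with g = sigma_b^2 / sigma_v^2.

    The single-transmitter side gives A / g = -ln(B); the cooperative side
    needs A / (g * p) to be the Erlang(J, 1) quantile, so A and g cancel.
    """
    return -math.log(B) / erlang_quantile(B, J)


def power_saving(J, B):
    """Ratio of single to overall cooperative transmission power, 1 / (J p)."""
    return 1.0 / (J * power_adjustor(J, B))


if __name__ == "__main__":
    B = 0.99  # assumed target probability
    for J in (2, 3, 4, 5):
        print(J, round(power_adjustor(J, B), 5), round(power_saving(J, B), 2))
```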


2.4.2.  Overall  sensor  energy  efficiency 


In order to study energy efficiency with the consideration of overhead and electronic energy, we use the energy consumption model as in [30]. Transmission energy consumption is modeled as $E_a^t(k,d) = kd^2E_a$, a function of both the number of symbols transmitted ($k$) and the transmission distance ($d$). Electronic energy consumption is modeled as linear functions of $k$, i.e., $E_e^t(k) = kE_e^t$ for transmitters and $E_e^r(k) = kE_e^r$ for receivers.

For single transmission, the total energy consumption of both the transmitter and the receiver is

$$E_e^t(k) + E_a^t(k,d) + E_e^r(k) = kE_e^t + kE_e^r + kd^2E_a. \quad (26)$$

For the cooperative transmission, first the primary head broadcasts fusion results to the secondary heads, during which the total energy consumption is

$$E_a^t(k,d_{\max}) + E_e^t(k) + (J-1)E_e^r(k) = kE_e^t + (J-1)kE_e^r + kd_{\max}^2E_a. \quad (27)$$

Then, when all $J$ heads perform cooperative transmission, the energy consumption is

$$JE_e^t(k_J) + E_a^t(k_J,d) + E_e^r(k_J) = Jk_JE_e^t + k_JE_e^r + k_Jd^2E_{aJ}. \quad (28)$$

In this case, $k_J \in [k, 2k]$ depends on $J$ and the STBC encoding scheme [24]. $E_{aJ}$ is the total transmission energy of cooperative transmission.

Cooperative transmission enhances energy efficiency if the sum of (27) and (28) is less than (26). It should be readily seen that this depends on the transmission distance $d$. Therefore, cooperative transmission is advantageous if

$$d^2\left(\frac{k}{k_J}\frac{E_a}{E_{aJ}} - 1\right) > J\frac{E_e^t}{E_{aJ}} + \left[(J-2)\frac{k}{k_J} + 1\right]\frac{E_e^r}{E_{aJ}} + d_{\max}^2\frac{k}{k_J}\frac{E_a}{E_{aJ}}. \quad (29)$$


For example, with typical STBC code rate $k/k_J$, energy model parameters $E_e^t = E_e^r = 50$ nJ/bit and $E_a = 100$ pJ/bit/m$^2$ [30], and $d_{\max} = 10$, using the energy (power) ratio $E_a/E_{aJ}$ calculated in Section II.4.1, the minimum distances can be calculated as $d = 44, 61, 73, 92$ meters for $J = 2, 3, 4, 5$, respectively. Since those transmission distances are typical in wireless sensor network applications, cooperative transmission is useful for enhancing energy efficiency.

To simulate the proposed LEACH with cooperative transmission, we use the same network settings as [30]. The overall network energy efficiency (in terms of network lifetime) is evaluated. As shown in Fig. 6(b), cooperative transmission can extend the network lifetime over traditional LEACH. When $J = 2$, 30% longer lifetime is realized.
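The break-even distances quoted above follow directly from (26)-(28); this added Python example (not the report's code) evaluates them. The energy parameters and power savings are the report's values; the code rates $k/k_J$ = 1, 3/4, 2/3, 1/2 for $J$ = 2, 3, 4, 5 are assumed, since the report only says "typical", and the function names are hypothetical.

```python
import math

# Energy-model parameters quoted in the report (taken there from [30]).
E_TX = 50e-9     # E_e^t, transmitter electronics energy, J/bit
E_RX = 50e-9     # E_e^r, receiver electronics energy, J/bit
E_A = 100e-12    # E_a, single-transmission amplifier energy, J/bit/m^2
D_MAX = 10.0     # d_max, bound on primary-to-secondary head distance, m

# Power saving E_a / E_aJ quoted in the report for J = 2..5.
SAVING = {2: 5.7, 3: 11.3, 4: 16.8, 5: 20.4}
# STBC code rate k / k_J: ASSUMED values, the report only says "typical".
RATE = {2: 1.0, 3: 3 / 4, 4: 2 / 3, 5: 1 / 2}


def single_energy(k, d):
    """Eq. (26): one transmitter and one receiver, k symbols over distance d."""
    return k * E_TX + k * E_RX + k * d ** 2 * E_A


def cooperative_energy(k, d, J):
    """Eq. (27) + Eq. (28): local broadcast followed by the joint transmission."""
    k_J = k / RATE[J]            # STBC-encoded length
    e_aJ = E_A / SAVING[J]       # amplifier energy of the cooperative link
    broadcast = k * E_TX + (J - 1) * k * E_RX + k * D_MAX ** 2 * E_A
    joint = J * k_J * E_TX + k_J * E_RX + k_J * d ** 2 * e_aJ
    return broadcast + joint


def break_even_distance(J, k=1.0):
    """Distance d beyond which (27) + (28) < (26).

    Both sides are linear in d^2, so the boundary is fixed / slope, where
    'fixed' is the distance-independent extra cost of cooperating and 'slope'
    is the amplifier energy saved per m^2.
    """
    k_J = k / RATE[J]
    e_aJ = E_A / SAVING[J]
    fixed = (J - 2) * k * E_RX + k * D_MAX ** 2 * E_A + J * k_J * E_TX + k_J * E_RX
    slope = k * E_A - k_J * e_aJ
    if slope <= 0:
        return math.inf  # cooperation never pays off at any distance
    return math.sqrt(fixed / slope)


if __name__ == "__main__":
    for J in (2, 3, 4, 5):
        print(f"J = {J}: break-even d = {break_even_distance(J):.1f} m")
```

With the assumed code rates the function returns distances that round to 44, 61, 73 and 92 m for J = 2, 3, 4, 5.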


Fig. 6. (a) Illustration of LEACH with cooperative transmission for wireless sensor networks. •: primary heads. △: secondary heads. (b) Comparison of energy efficiency with/without cooperative transmission in LEACH (horizontal axis: time steps in rounds).

Part 3 Conclusions


This  report  summarizes  the  research  results  in  the  security  of  wireless  transmissions.  Both  computational 
and  perfect  secrecy  can  be  realized  under  more  practical  assumptions.  Cooperative  communications  are 
proposed  as  tools  to  realize  wireless  information  assurance  as  well  as  to  enhance  the  performance  of 
wireless  sensor  networks. 